Skip to content

Reject MIME parts with unsupported encoding

What does this MR do and why?

Contributes to #340366

Problem

Golang mime package skips processing unsupported encodings (see https://sourcegraph.com/github.com/golang/go@0fd0639e4c429e147d33bfc42654fcd651f4449f/-/blob/src/mime/mediatype.go?L247).

Because of that workhorse does not incercept the upload and skip sanitization for filename value.

Solution

Manually detect the charset of the filename* and reject the upload if charset is unsupported.

Screenshots or screen recordings

Screenshot_2022-01-11_at_11.17.13_AM Screenshot_2022-01-11_at_11.17.18_AM

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vasilii Iakliushin

Merge request reports

Loading